Meyer Corporation, US makes cookware and bakeware. In October 2021, the complaint for this class action alleges, unauthorized parties used ransomware to access the personally identifiable information (PII) of 2,717 of its employees. Then, the complaint alleges, it “failed to notify its employees about the breach for nearly four months while cybercriminals publicly claimed responsibility for the Data Breach and published certain stolen data to prove what they had done.”
The class for this action is all individuals living in California whose PII was compromised in the data breach revealed by Meyer in February 2022.
The cyberattack took place sometime on or around October 25, 2021, the complaint alleges. It claims, “It is unknown for how long the breach went undetected before Meyer detected it, meaning Meyer had no effective means to prevent, detect, or stop the Data Breach from happening before cybercriminals stole and misused employees’ PII.”
The data compromised includes names, addresses, dates of birth, gender and race, Social Security numbers, driver’s license numbers, and medical information—including such things as medical conditions, drug tests, and Covid-19 vaccination cards and statuses—plus immigration statuses and their dependents’ PII.
Although Meyer discovered the data breach around December 1, 2021, the complaint claims that it hid the news from the individual victims until February 15, 2022, four months after the breach occurred and three months after some of the information had been published. On that date, the complaint claims, it finally informed its current and former employees and offered them twenty-four months of free credit monitoring, which the complaint claims is not enough to protect them from the “lifelong threat” represented by the data breach.
The notice of the data breach also “revealed little about the breach and obfuscated its nature[,]” the complaint claims. The complaint claims that Meyer did not explain how the cybercriminals gained access to its systems, why it took time for Meyer to discover it, and so on.
According to the complaint, “Meyer has not implemented reasonable cybersecurity safeguards or policies to protect current and former employee PII, or trained its employees to prevent, detect, and stop data breaches of Meyer’s systems.” It claims that Meyer therefore has vulnerabilities in its systems that can be exploited to gain access to stored PII.
In fact, the complaint alleges that Meyer has had other data breaches before this one: “Meyer has therefore displayed a pattern of institutional failure to safeguard highly sensitive employee information.”
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
Meyer Corporation Data Breach Complaint
June 16, 2022
Meyer Corporation, US makes cookware and bakeware. In October 2021, the complaint for this class action alleges, unauthorized parties used ransomware to access the personally identifiable information (PII) of 2,717 of its employees. Then, the complaint alleges, it “failed to notify its employees about the breach for nearly four months while cybercriminals publicly claimed responsibility for the Data Breach and published certain stolen data to prove what they had done.”
Meyer Corporation Data Breach ComplaintCase Event History
Meyer Corporation Data Breach Complaint
June 16, 2022
Meyer Corporation, US makes cookware and bakeware. In October 2021, the complaint for this class action alleges, unauthorized parties used ransomware to access the personally identifiable information (PII) of 2,717 of its employees. Then, the complaint alleges, it “failed to notify its employees about the breach for nearly four months while cybercriminals publicly claimed responsibility for the Data Breach and published certain stolen data to prove what they had done.”
Meyer Corporation Data Breach Complaint